Latest Entries

Run git-gc on a bare repo

Posting here for posterity since literally every other thing on google simply says “you’ll never have to gc a bare repo, because $reasons” and then doesn’t bother to even entertain the possibility of someone actually having to.

git --bare -C /path/to/your/repo.git gc

So complex and arcane. I can now understand why no one bothered to give an example…

Aptana SFTP “no suitable key exchange” or “socket is EOF” fix


Today I spun up a quick development instance using Ubuntu 15 and found that Aptana refused to connect via SFTP. After a few rounds of Google > Fix > New Error > GOTO 10 I’ve found that there are two problems.

  1. Aptana does not support anything more advanced than diffie-hellman-group1-sha1 for key exchange.
  2. OpenSSH has removed AES*-CBC ciphers from its default ciphers in favor of newer AES*-CTR ciphers.
  3. Aptana has explicitly disabled CTR support in their SSH library.

Continue reading…

SSH X11 forwarding with sudo and missing magic cookies

So you’ve fired up your X11 Server, connected to something remotely, sudo su -‘ed to root and gotten the following error:

MIT-MAGIC-COOKIE-1 data did not matchTraceback

There are a ton of posts floating around where you run xauth list in your pre-root account and then copy/paste them into xauth add commands after sudoing to root, or any one of a number of ugly-looking one-liners, but do you know what’s much easier?

[sammitch@jerkstore ~] sudo su -
[root@jerkstore ~] xauth merge ~sammitch/.Xauthority

Done. It seems simple, but for some reason I’ve never seen this posted as an answer to any discussion threads about this error.

The caveat to this being that it might clobber the pre-existing entries for other users running as root, but who cares about them, right?

Read-Only Elasticsearch Proxy using Nginx

I’ve recently set up an Elasticsearch/Logstash/Kibana cluster for a project and found Elasticsearch’s complete lack of authentication/authorization a bit alarming. I wasn’t exactly exposing these endpoints publicly, but I also didn’t want an inquisitive/careless/mischievous employee deleting documents or indexes.

However, the one exception I did want to make was to allow modifications to documents in the ‘kibana-int’ index so that users could create and modify dashboards.

So I’ve come up with the following Nginx config file for this:

upstream elastic_cluster {

server {
	listen 9200;
	client_max_body_size 50m;

	proxy_redirect off;
	proxy_set_header Connection "";
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_pass_header Access-Control-Allow-Origin;
	proxy_pass_header Access-Control-Allow-Methods;
	proxy_hide_header Access-Control-Allow-Headers;
	add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type';
	add_header Access-Control-Allow-Credentials true;

	# disallow write/modify to all indices
	location / {
		limit_except GET POST HEAD OPTIONS {
			# you could use auth_basic options here to allow HTTP-Auth
			deny all;
		proxy_pass http://elastic_cluster;
	# re-allow write/modify to kibana-int index for dashboard storage
	location /kibana-int/ {
		proxy_pass http://elastic_cluster;


Hopefully someone finds this useful!

Converting OpenSSH keys to PuTTY format via command line

The information on converting to and from PuTTY key formats without starting up the PuTTYgen GUI is quite few and far between, as I’ve found.

The key bit is that PuTTY is available as a package for most Linux distros, and comes with PuTTYgen as well.

To convert your existing key, simply use:

puttygen openssh_private_key -o output_filename.ppk

And if you’d like to generate new OpenSSH and PuTTY keys, use something like:

fullname="Testy McTest"
ssh-keygen -t rsa -b 2048 -C "$fullname's Key" -N "" -f $username && \
puttygen $username -o $username.ppk

Which will generate files testy,, and testy.ppk.

I’d imagine that the PuTTYgen utility will accept the same command format on Windows as well if you’ve already got your OpenSSH keys handy there.

Copyright © 2009–2010. All rights reserved.

RSS Feed.